CVE-2022-45112

Vulnerability

An improper access control vulnerability exists in Intel(R) Virtual RAID on CPU (VROC) software in versions prior to 8.0.0.4035. The flaw resides in the software's access control mechanism and affects both Windows and Linux installations. The issue is cataloged as CVE-2022-45112 with a CVSS score to be determined from the Intel advisory [1].

Exploitation

Exploitation requires an authenticated user with local access to the system. The attacker must have user-level access to the operating system where Intel VROC is installed. No user interaction beyond the initial authentication is needed. The vulnerability can be triggered by leveraging improper access control checks, allowing the attacker to execute actions that normally require higher privileges [1].

Impact

Successful exploitation allows the attacker to escalate their privileges on the local system. This could lead to unauthorized administrative control over the Intel VROC configuration, potentially enabling the attacker to modify RAID settings, access sensitive data stored on virtual drives, or disrupt system storage operations. The scope is local, and the impact is on confidentiality, integrity, and availability [1].

Mitigation

Intel has released version 8.0.0.4035 of the Intel VROC software, which contains the fix for this vulnerability. Users should update to this version or later through official Intel download channels. No workarounds are documented in the advisory [1].